Identity Management
The term 'Identity Management' is currently being thrown around not only the
pages of IT trade magazines but also most of the mainstream business press. With
the rise in identity theft and growing regulatory compliance obligations,
organisations are now beginning to adopt an identity-centric approach to their
business operations. However, the term Identity Management is itself still
widely misunderstood, and so is its relevance and importance within IT.
The way we do business now is far more complex than it ever has been. People
require access to personal information using any device, from any place and at
any time they need it. Added to this, IT networks have expanded into a range of
diverse and sometimes disparate systems and applications. Therefore, the
identity of each user within one organisation becomes scattered; a mixture of
different names, attributes and access rights.
Compliance
Other imperatives driving companies to improve the efficiency of their identity
management systems have come into play over the past couple of years, namely the
need for companies to prove that they comply with new industry standards and
government regulations. These include corporate governance regulations such as
Sarbanes-Oxley, the Basel capital adequacy directives and regulations on data
protection and privacy.
These regulations are driving greater accountability into business and are
forcing companies to revamp their internal controls. One key requirement for
achieving compliance with the regulations is the ability to prove who has
accessed which corporate resources and at what time, along with the ability to
prove that they have not altered or deleted key business information.
An identity-centric approach
Compliance challenges tend to drive the need for an identity-centric approach.
Yet Identity Management is not just a remedy for compliance problems; done
effectively, it gives your business the foundation for far higher productivity
and rapid cost reductions. It must therefore not be looked at as a single
product or technology. It is a combination of products and planning: what we
would define as a solution set.
At ANS we think of Identity Management as resting on three key principles:
- The first area is Identification: ensuring that every user is who they say
  they are, and that they can access the applications and services to which
  they, or their particular role in the organisation, are entitled. There
  should be only one identity per person, with the information fully
  synchronised between all systems and applications.
- The second area is Auditing: ensuring that proper usage records are kept so
  that problems can be flagged and resolved. There needs to be a central
  repository to which all generated information is sent so that it can be
  time-stamped and tied to user records. To audit usage effectively, companies
  also need the ability to consolidate records from a diverse range of systems
  so that they can be collated for review.
- The third area is efficient Access to the right resources, where that access
  is directly linked to each user's identity. This area is concerned with
  provisioning and de-provisioning resources for staff joiners, movers and
  leavers. Ideally an automated workflow provisions these resources to
  individuals so that they are immediately productive, and de-provisions them
  as soon as they leave. At the moment most companies provide these resources
  manually, which frustrates IT staff and carries a very high overhead cost.
With people now using a variety of devices and accessing more information over
the internet, access must also be fully secure. Combining people's
identification details (user names and passwords) with multi-factor
authentication procedures gives a high level of assurance about who an
individual is, and helps ensure that the right people receive the relevant
access. It also ensures that anyone not entitled to access rights cannot misuse
information.
Central Identity Store
What is required is a central Identity Store that draws these three key
principles, and indeed your network, together. This Identity Store must be the
foundation for any effective Identity Management solution. All identity details
are stored and managed in one central location. User information is then
synchronised between all the different and disparate systems in your network,
keeping user data highly accurate. Once this central identity store is in place,
the various solutions can be built on top of it.
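As an added illustration of how the three principles and the central Identity Store fit together (this is example code written for this page, not ANS code or the API of any ANS product; the identity records, role names, entitlement names and account data are all constructed), the following script reconciles a central identity store against one target application's accounts: joiners are provisioned with the entitlements their role confers, movers have their rights adjusted, leavers are de-provisioned, and accounts that map to no current identity are flagged as orphans.

```python
"""Reconcile a central identity store against one target application.

Added example for this page (not ANS code). Assumptions: the identity store
holds one record per person with a status and a role; a role-to-entitlement
table expresses the "roles, rights and rules"; the target application exposes
a dump of its accounts, each optionally linked to a person_id. All sample data
is constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Role -> entitlements that role confers in the target application (constructed).
ROLE_ENTITLEMENTS = {
    "finance-analyst": frozenset({"ledger-read", "report-run"}),
    "finance-manager": frozenset({"ledger-read", "ledger-approve", "report-run"}),
    "helpdesk": frozenset({"ticket-write"}),
}


@dataclass(frozen=True)
class Identity:
    person_id: str
    status: str          # "active" or "left"
    role: str


@dataclass(frozen=True)
class Account:
    person_id: Optional[str]   # None when the account is linked to no identity
    username: str
    entitlements: FrozenSet[str]


Action = Tuple[str, str, Optional[FrozenSet[str]]]   # (kind, target, entitlements)


def plan_reconciliation(identities: List[Identity], accounts: List[Account]) -> List[Action]:
    """Compute the actions that bring the application in line with the identity store.

    joiner : active identity with no account        -> ("provision", person_id, wanted)
    mover  : active identity whose rights differ    -> ("adjust", username, wanted)
    leaver : identity marked left, account remains  -> ("deprovision", username, None)
    orphan : account with no matching identity      -> ("orphan", username, None)
    """
    actions: List[Action] = []
    by_person = {a.person_id: a for a in accounts if a.person_id is not None}
    known_ids = {i.person_id for i in identities}

    for ident in identities:
        acct = by_person.get(ident.person_id)
        wanted = ROLE_ENTITLEMENTS.get(ident.role, frozenset())
        if ident.status == "left":
            if acct is not None:
                actions.append(("deprovision", acct.username, None))
        elif acct is None:
            actions.append(("provision", ident.person_id, wanted))
        elif acct.entitlements != wanted:
            actions.append(("adjust", acct.username, wanted))

    # Orphan detection: an account that is unlinked, or linked to a person_id the
    # identity store no longer knows, has no owner and should be disabled by policy.
    for acct in accounts:
        if acct.person_id is None or acct.person_id not in known_ids:
            actions.append(("orphan", acct.username, None))
    return actions


# Constructed sample data: one joiner, one mover, one leaver, one in-sync user,
# and two orphaned accounts.
IDENTITIES = [
    Identity("p001", "active", "finance-analyst"),   # joiner: no account yet
    Identity("p002", "active", "finance-manager"),   # mover: promoted, still holds analyst rights
    Identity("p003", "left", "helpdesk"),            # leaver: account still open
    Identity("p004", "active", "helpdesk"),          # already in sync
]
ACCOUNTS = [
    Account("p002", "jsmith", frozenset({"ledger-read", "report-run"})),
    Account("p003", "apatel", frozenset({"ticket-write"})),
    Account("p004", "lchen", frozenset({"ticket-write"})),
    Account(None, "svc_legacy", frozenset({"ledger-read"})),    # never linked to a person
    Account("p099", "ghost", frozenset({"ledger-approve"})),    # person record no longer exists
]

if __name__ == "__main__":
    for kind, target, rights in plan_reconciliation(IDENTITIES, ACCOUNTS):
        print(f"{kind:12s} {target:12s} {sorted(rights) if rights else ''}")
```

Run against every connected application, the planner produces the joiner, mover and leaver actions the third principle calls for, and its orphan list is the check that stops accounts outliving the identities that justified them; the identity store remains the single source of truth, and each application is only ever brought back into line with it.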
Tackling immediate pains
It is important to realise the value of planning and of taking one step at a
time in effective Identity Management. Each solution offers a different value,
and companies should focus on their biggest pain first rather than rush for a
total cure-all. Yet, with computer networks increasingly being compromised by
malicious attacks and inefficient procedures, companies can no longer afford to
be complacent.
What should an effective Identity Management solution suite offer?
1. Integrated Roles, Rights and Rules
- Associate access rights with a role within the organisation
- Dynamically assign and automatically change access rights based on changes in
  user role
- Mix manual and automatic role and rights assignments
- Report on roles, the rights associated with roles and the users associated
  with roles
- Use defined organisational information to dynamically route workflow and
  approvals
2. Workflow - Self-service and Administration
- Web-based tool for requesting resource access
- Ability to use defined organisational information to dynamically route
  workflow and approvals to the "right" role or person
- Ability to delegate approval authority to another person
- Automatic escalation of a request to an alternative approver if time elapses
3. Access Management
- Adherence to open industry standards: Liberty Alliance, SOAP, SAML
- Protection of private user information
- Secure process for transmitting changes in access rights over the internet
- Reporting of user access events and changes in access rights
- Web and client-based SSO
- Integrated management console for identity and access management
  administration
4. Audit
- Data store that supports non-repudiation ("tamper-proof")
- Time-stamped records for changes in access rights, roles and each step in a
  workflow
- Multi-factor, easy-to-build reports by user, administrator, workflow and time
  period
5. Password Management
- Ability to reach user self-service through the web without logging into the
  network
- Ability to implement password policy across the entire enterprise
- Password synchronisation across the entire enterprise (including legacy
  systems)
6. Integrated Identity Store
- Ability to connect to multiple data stores to build "one view" of the user
- Ability to detect and respond to changes in the identity store in real time
- Ability to detect and automatically roll back changes made to user
  attributes, based on policy, in the identity store or application
- Ability to prevent the creation of orphan accounts through policy
7. Connectivity
- Availability of a connector development tool
- Bi-directional synchronisation
- Ability to define and connect application and identity data at any object or
  attribute level
- Web Services functionality and standards-based
- Event-based
- Legacy support
8. Platform
- Web-based admin systems for remote management or integration with existing
  portals
- All components configurable for high availability, including disaster
  recovery and fault tolerance
- Ability to operate on secure platforms such as Linux
- XML-based extensibility for interaction with external systems
- Demonstrated performance on loads exceeding those expected in the target
  environment
- Does not require rip-and-replace of existing systems
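The Auditing principle above and item 4 of this checklist (a tamper-proof data store with time-stamped records that supports non-repudiation) can be illustrated with a hash-chained audit trail. This is an added example written for this page, not ANS code or a description of any ANS product; the actor names, event names and timestamps are constructed, and the chain is a generic technique rather than anything the page attributes to a particular vendor.

```python
"""Tamper-evident, time-stamped audit trail for identity events.

Added example for this page (not ANS code). Each record carries a UTC
timestamp, a sequence number, the actor, the subject and the event; its SHA-256
hash also covers the previous record's hash, so altering, re-ordering or
deleting an earlier record breaks the chain. Retaining the latest hash (the
"head") outside the log lets the verifier detect truncation too. Sample events
are constructed.
"""
import copy
import hashlib
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64   # previous-hash value used for the very first record


def _digest(prev_hash: str, record: Dict) -> str:
    # Canonical JSON so the same record always hashes the same way.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class AuditTrail:
    def __init__(self) -> None:
        self.entries: List[Dict] = []   # each: {"record": {...}, "hash": "..."}

    def append(self, actor: str, subject: str, event: str, detail: Dict,
               when: Optional[datetime] = None) -> str:
        when = when or datetime.now(timezone.utc)
        record = {
            "seq": len(self.entries),
            "ts": when.isoformat(timespec="seconds"),
            "actor": actor, "subject": subject, "event": event, "detail": detail,
        }
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry_hash = _digest(prev, record)
        self.entries.append({"record": record, "hash": entry_hash})
        return entry_hash

    @property
    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS


def verify(entries: List[Dict], expected_head: Optional[str] = None) -> Tuple[bool, Optional[int]]:
    """Walk the chain; return (True, None) if intact, else (False, index of first bad entry).

    When expected_head is supplied and the chain ends early, the index returned
    is len(entries), i.e. the position of the missing tail.
    """
    prev = GENESIS
    for i, entry in enumerate(entries):
        if entry["record"]["seq"] != i or _digest(prev, entry["record"]) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(entries)
    return True, None


def build_sample_trail() -> AuditTrail:
    """Three constructed identity events: a joiner, a role change, a de-provisioning."""
    trail = AuditTrail()
    base = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    trail.append("hr-feed", "p001", "joiner", {"role": "finance-analyst"}, base)
    trail.append("workflow", "p002", "role-change",
                 {"from": "finance-analyst", "to": "finance-manager"}, base.replace(hour=10))
    trail.append("idm", "p003", "deprovision", {"system": "ledger"}, base.replace(hour=11))
    return trail


def demonstrate_tampering() -> Dict[str, Tuple[bool, Optional[int]]]:
    """Show how each kind of tampering is detected against the retained head hash."""
    trail = build_sample_trail()
    head = trail.head                                          # stored separately in practice

    altered = copy.deepcopy(trail.entries)
    altered[1]["record"]["detail"]["to"] = "finance-analyst"   # rewrite an approved change

    deleted = trail.entries[:1] + trail.entries[2:]            # drop the middle record

    truncated = trail.entries[:-1]                             # drop the newest record

    return {
        "intact": verify(trail.entries, head),
        "altered": verify(altered, head),
        "deleted": verify(deleted, head),
        "truncated": verify(truncated, head),
    }


if __name__ == "__main__":
    for name, result in demonstrate_tampering().items():
        print(f"{name:10s} {result}")
```

Because every hash covers the previous one, a change to or removal of any earlier record invalidates everything after it, which is the property behind the "tamper-proof" requirement. Truncation of the newest records is the one case the chain alone cannot catch, which is why the head hash has to be retained outside the log (written to a separate system or periodically signed) and compared on each verification run.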